
Example 1 with NoSuchItemOnTokenException

Use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki: class PKCS12Util, method importKey. The exception is treated as benign here — it signals that the temporary certificate is already gone from the token.

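public void importKey(PKCS12 pkcs12, Password password, String nickname, PKCS12KeyInfo keyInfo) throws Exception {
    // Import one private key from a parsed PKCS #12 file into the internal
    // key storage token.
    //
    // The key is only imported when the file also carries a certificate with
    // the same key ID: the token-side import needs the matching public key,
    // which is obtained by importing that certificate temporarily and
    // deleting it again afterwards (the caller presumably re-imports it under
    // the proper nickname — confirm against the calling code).
    //
    // Parameters:
    //   pkcs12   - the parsed PKCS #12 container
    //   password - passphrase protecting the EncryptedPrivateKeyInfo
    //   nickname - nickname to give the imported key on the token
    //   keyInfo  - the key entry to import
    // Throws whatever the token import throws when both decryption attempts
    // fail; when both attempts fail the first failure is attached to the
    // second as a suppressed exception so it is not lost.
    PKCS12CertInfo certInfo = pkcs12.getCertInfoByKeyID(keyInfo.getID());
    if (certInfo == null) {
        logger.debug("Private key has no certificate, ignore");
        return;
    }

    byte[] epkiBytes = keyInfo.getEncryptedPrivateKeyInfoBytes();
    if (epkiBytes == null) {
        // FIX: the original logged "skipping key" but then fell through and
        // passed a null EncryptedPrivateKeyInfo to the token. Skip for real,
        // and do so before touching the token so no stray cert is imported.
        logger.debug("No EncryptedPrivateKeyInfo for key '" + keyInfo.getFriendlyName() + "'; skipping key");
        return;
    }

    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken token = cm.getInternalKeyStorageToken();
    PK11Store store = (PK11Store) token.getCryptoStore();

    // Temporarily import the certificate so its public key is available on
    // the token. NOTE(review): this adds the cert to the token's store until
    // it is deleted below; if the import of the key throws, the cert stays
    // behind — confirm whether callers clean that up.
    X509CertImpl certImpl = certInfo.getCert();
    X509Certificate cert = cm.importCACertPackage(certImpl.getEncoded());
    PublicKey publicKey = cert.getPublicKey();

    try {
        // First attempt: passphrase used as-is, without BMPString encoding.
        store.importEncryptedPrivateKeyInfo(null, password, nickname, publicKey, epkiBytes);
    } catch (Exception first) {
        // Second attempt: BMPString-encoded passphrase. This is required for
        // the PKCS #12 PBE schemes and for PKCS #12 files using PBES2
        // generated by NSS < 3.31. Keep the first failure so a wrong
        // password and a malformed key remain distinguishable in logs.
        try {
            store.importEncryptedPrivateKeyInfo(new PasswordConverter(), password, nickname, publicKey, epkiBytes);
        } catch (Exception second) {
            second.addSuppressed(first);
            throw second;
        }
    }

    // Remove the temporary certificate again (it will presumably be
    // re-imported with the correct nickname). Its absence is not an error.
    try {
        store.deleteCertOnly(cert);
    } catch (NoSuchItemOnTokenException e) {
        // this is OK
    }
}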

Example 2 with NoSuchItemOnTokenException

Use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki: class SigContextProxy, method engineInitSign. Here the exception is translated into an InvalidKeyException, because a key that does not live on this context's token cannot be used to sign.

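@Override
public void engineInitSign(org.mozilla.jss.crypto.PrivateKey privateKey) throws InvalidKeyException, TokenException {
    // Bind a PKCS #11 private key to this signature context for signing.
    //
    // All validation happens before any field is assigned, so a rejected
    // key leaves the context exactly as it was.
    //
    // Throws InvalidKeyException when the key is null, is not a PK11PrivKey,
    // does not reside on this context's token, or does not match the
    // signature algorithm; TokenException is propagated from the token.
    if (privateKey == null) {
        throw new InvalidKeyException("private key is null");
    }
    if (!(privateKey instanceof PK11PrivKey)) {
        throw new InvalidKeyException("privateKey is not a PKCS #11 " + "private key");
    }
    PK11PrivKey privKey = (PK11PrivKey) privateKey;

    // The key must live on the same token this context operates on.
    try {
        privKey.verifyKeyIsOnToken(token);
    } catch (NoSuchItemOnTokenException e) {
        // FIX: keep the cause chained instead of flattening it to a string,
        // matching the handling of NoSuchAlgorithmException below.
        throw new InvalidKeyException(e.toString(), e);
    }

    // The key type must agree with the signature algorithm; an algorithm
    // without a known key type is reported as a key problem as well.
    try {
        if (KeyType.getKeyTypeFromAlgorithm(algorithm) != privKey.getKeyType()) {
            throw new InvalidKeyException("Key type is inconsistent with algorithm");
        }
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidKeyException("Unknown algorithm: " + algorithm, e);
    }

    // Finally, the key is OK
    key = privKey;

    // Now initialize the native signature context, unless this context
    // operates in raw mode (see the class for what `raw` selects).
    if (!raw) {
        sigContext = null;
        initSigContext();
    }

    // Don't set state until we know everything worked
    state = SIGN;
}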

Example 3 with NoSuchItemOnTokenException

Use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki: class SSLClientAuth (test code), method generateCerts. Every exception type, this one included, is handled the same way: print the stack trace and exit the test process.

private void generateCerts(CryptoManager cm, int serialNum) {
    // Build the throw-away PKI for the SSL client-auth test: a self-signed
    // CA, a CA-signed server certificate and a CA-signed client certificate,
    // each with its own fresh RSA key. Any failure aborts the test process.
    //
    // cm        - the initialized CryptoManager to import into
    // serialNum - base serial number; the server and client certs use
    //             serialNum + 1 and serialNum + 2
    final int rsaKeyBits = 4096; // RSA key with default exponent
    try {
        java.security.KeyPairGenerator generator =
                java.security.KeyPairGenerator.getInstance("RSA", "Mozilla-JSS");

        // --- CA: self-signed, with a basicConstraints extension ---
        generator.initialize(rsaKeyBits);
        KeyPair caKeys = generator.genKeyPair();
        SEQUENCE caExtensions = new SEQUENCE();
        caExtensions.addElement(makeBasicConstraintsExtension());
        Certificate caCert = makeCert("CACert", "CACert", serialNum,
                caKeys.getPrivate(), caKeys.getPublic(), serialNum, caExtensions);
        X509Certificate importedCa = cm.importUserCACertPackage(ASN1Util.encode(caCert), "SSLCA-" + serialNum);
        // NOTE(review): this writes trust flags into whatever NSS database the
        // test is pointed at; only run it against a disposable test database.
        InternalCertificate trustedCa = (InternalCertificate) importedCa;
        trustedCa.setSSLTrust(PK11Cert.TRUSTED_CA | PK11Cert.TRUSTED_CLIENT_CA | PK11Cert.VALID_CA);

        // --- server certificate, signed by the CA, no extensions ---
        generator.initialize(rsaKeyBits);
        KeyPair serverKeys = generator.genKeyPair();
        Certificate serverCert = makeCert("CACert", "localhost", serialNum + 1,
                caKeys.getPrivate(), serverKeys.getPublic(), serialNum, null);
        nssServerCert = cm.importCertPackage(ASN1Util.encode(serverCert), serverCertNick);

        // --- client-auth certificate, signed by the CA, no extensions ---
        generator.initialize(rsaKeyBits);
        KeyPair clientKeys = generator.genKeyPair();
        Certificate clientCert = makeCert("CACert", "ClientCert", serialNum + 2,
                caKeys.getPrivate(), clientKeys.getPublic(), serialNum, null);
        nssClientCert = cm.importCertPackage(ASN1Util.encode(clientCert), clientCertNick);
    } catch (Exception ex) {
        // The original listed CertificateEncodingException, NoSuchAlgorithm-,
        // NoSuchProvider-, NicknameConflict-, UserCertConflict-, Token- and
        // NoSuchItemOnTokenException separately, but handled every one of them
        // (and the catch-all) identically, so a single handler is equivalent.
        ex.printStackTrace();
        System.exit(1);
    }
}

Example 4 with NoSuchItemOnTokenException

Use of org.mozilla.jss.crypto.NoSuchItemOnTokenException in project jss by dogtagpki: class JSSKeyStoreSpi, method engineDeleteEntry. The exception is wrapped in a KeyStoreException, as the java.security.KeyStore SPI contract requires.

@Override
public void engineDeleteEntry(String alias) throws KeyStoreException {
    // Delete the entry named by `alias`.
    //
    // Two lookups are tried in order: first a certificate with that nickname
    // (only the certificate is removed; key material is left in place), then
    // a private key whose hex-encoded key ID equals the nickname part of the
    // alias (public and private key are removed). If neither exists a
    // KeyStoreException is thrown; every token/crypto failure is wrapped in a
    // KeyStoreException as well.
    try {
        CryptoManager manager = CryptoManager.getInstance();

        if (deleteCertificateByNickname(manager, alias)) {
            return;
        }
        if (deleteKeyPairByKeyId(manager, alias)) {
            return;
        }

        logger.debug("JSSKeyStoreSpi: entry not found: " + alias);
        throw new KeyStoreException("Entry not found: " + alias);
    } catch (NotInitializedException e) {
        throw new KeyStoreException(e);
    } catch (NoSuchTokenException e) {
        throw new KeyStoreException(e);
    } catch (TokenException e) {
        throw new KeyStoreException(e);
    } catch (NoSuchItemOnTokenException e) {
        throw new KeyStoreException(e);
    }
}

/**
 * Removes the certificate whose nickname is {@code alias}, without touching
 * its key material.
 *
 * @return {@code true} if a certificate was found and deleted,
 *         {@code false} if no certificate has that nickname
 */
private boolean deleteCertificateByNickname(CryptoManager manager, String alias)
        throws NotInitializedException, NoSuchTokenException, TokenException, NoSuchItemOnTokenException {
    try {
        logger.debug("JSSKeyStoreSpi: searching for cert");
        X509Certificate cert = manager.findCertByNickname(alias);

        // Delete on the token that owns the cert; certs without an owning
        // token are assumed to live on the internal key storage token.
        CryptoToken owner = cert instanceof TokenCertificate
                ? ((TokenCertificate) cert).getOwningToken()
                : manager.getInternalKeyStorageToken();

        logger.debug("JSSKeyStoreSpi: deleting cert: " + alias);
        owner.getCryptoStore().deleteCertOnly(cert);
        return true;
    } catch (ObjectNotFoundException e) {
        logger.debug("JSSKeyStoreSpi: cert not found, searching for key");
        return false;
    }
}

/**
 * Removes the key pair whose hex-encoded private-key ID equals the nickname
 * part of {@code alias}; the token is taken from the alias' token part, or
 * is the internal key storage token when the alias names none.
 *
 * @return {@code true} if a matching private key was found and deleted
 *         (together with its public key, when present), else {@code false}
 */
private boolean deleteKeyPairByKeyId(CryptoManager manager, String alias)
        throws NotInitializedException, NoSuchTokenException, TokenException, NoSuchItemOnTokenException {
    String[] aliasParts = parseAlias(alias);
    String tokenName = aliasParts[0];
    String nickname = aliasParts[1];

    CryptoToken token = tokenName == null
            ? manager.getInternalKeyStorageToken()
            : manager.getTokenByName(tokenName);
    CryptoStore store = token.getCryptoStore();

    logger.debug("JSSKeyStoreSpi: searching for private key");
    for (PrivateKey candidate : store.getPrivateKeys()) {
        // Key IDs are compared in their hexadecimal form.
        String keyID = Utils.HexEncode(candidate.getUniqueID());
        logger.debug("JSSKeyStoreSpi: - " + keyID);
        if (!nickname.equals(keyID)) {
            continue;
        }

        // Public key first (it may legitimately be absent), then the private key.
        try {
            logger.debug("JSSKeyStoreSpi: searching for public key: " + nickname);
            PublicKey publicKey = store.findPublicKey(candidate);
            logger.debug("JSSKeyStoreSpi: deleting public key: " + nickname);
            store.deletePublicKey(publicKey);
        } catch (ObjectNotFoundException e) {
            logger.debug("JSSKeyStoreSpi: public key not found: " + nickname);
        }

        logger.debug("JSSKeyStoreSpi: deleting private key: " + nickname);
        store.deletePrivateKey(candidate);
        return true;
    }
    return false;
}
